404 error on SSO page ("/usr/share/nginx/yunohost/sso" failed (2: No such file or directory))


Hi all,
First of all, thanks a lot for the amazing yunohost, I’m having a great time using it!
I’m encountering an issue I cannot resolve alone, and although I’ve been looking on this forum I haven’t found a good replicate of this error. Please let me know if you think a thread is actually relevant for my case :slight_smile:
Symptoms:

When trying to reach mydomain.tld/yunohost/sso I get a 404 error page from nginx.
Also, the page mydomain.tld shows the greeting page of nginx (Welcome to nginx! If you see this page, the nginx web server is successfully installed and so on)

Logs:
running tail -n 100 /var/log/nginx/mydomain.tld-*.log, I get

  • from access.log:
public.ip - - [14/Apr/2020:19:51:58 +0100] "GET /yunohost/sso HTTP/2.0" 404 496 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
public.ip - - [14/Apr/2020:19:51:59 +0100] "GET /favicon.ico HTTP/2.0" 404 496 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
  • from error.log:
2020/04/14 19:51:58 [error] 6769#6769: *9370 open() "/usr/share/nginx/html/yunohost/sso" failed (2: No such file or directory), client: public.ip, server: mydomain.tld, request: "GET /yunohost/sso HTTP/2.0", host: "mydomain.tld"
2020/04/14 19:51:59 [error] 6769#6769: *9370 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: public.ip, server: mydomain.tld, request: "GET /favicon.ico HTTP/2.0", host: "mydomain.tld"

Additional info:
Indeed, when inspecting /usr/share/nginx, I only have index.html but no yunohost directory.
I recently faced an issue with mastodon, which filled all of my disk space. I fear that this would be a consequence, as everything worked fine before that.
When the disk space got filled most of the services went down and that’s when I started getting this error, but I managed to get some space back and all apps are working fine. I upgraded system and apps since.
Any idea?
I was thinking of just copying an existing yunohost/sso directory, but I don’t know where to find it.
Cheers



1 Like

Uuuuh wokay it’s not the first time I see that kind of issue reported and I’m still confused by what’s happening exactly … That sounds similar to https://github.com/YunoHost/issues/issues/1514

Could it be that you have some stuff in /etc/ssowat/conf.json.persistent that could be interfering ?

1 Like

Thanks for the quick response!
I don’t think that would be it, as the /etc/ssowat/conf.json.persistent just contains a simple redirection of url:
cat /etc/ssowat/conf.json.persistent returns

{
    "redirected_urls": {
        "mydomain.tld/": "mydomain.tld/home"
    }
}

BTW I did not mention it but the admin panel works fine too.

Hey, I dare to up the topic. Upon further investigation (but I do not understand the issue well), I thought I may have lost some files but I don’t think it’s the case anymore: I found all the login pages and scripts in /usr/share/ssowat.
Here is also the complete /etc/ssowat/conf.json, in case something was wrong in the file (but I never edited it)

{
    "additional_headers": {
        "Auth-User": "uid", 
        "Email": "mail", 
        "Name": "cn", 
        "Remote-User": "uid"
    }, 
    "domains": [
        "mydomain.tld", 
        "git.mydomain.tld", 
        "toot.mydomain.tld", 
        "cloud.mydomain.tld"
    ], 
    "permissions": {
        "cloud.mydomain.tld": [
            "user1"
        ], 
        "git.mydomain.tld": [
            "user1"
        ], 
        "mydomain.tld/dav": [
            "user1"
        ], 
        "mydomain.tld/home": [
            "user2", 
            "user1"
        ], 
        "toot.mydomain.tld": [
            "user1"
        ]
    }, 
    "portal_domain": "mydomain.tld", 
    "portal_path": "/yunohost/sso/", 
    "protected_regex": [], 
    "protected_urls": [], 
    "redirected_regex": {
        "mydomain.tld/yunohost[\\/]?$": "https://mydomain.tld/yunohost/sso/"
    }, 
    "redirected_urls": {}, 
    "skipped_regex": [
        "^[^/]*/%.well%-known/acme%-challenge/.*$", 
        "^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
    ], 
    "skipped_urls": [
        "mydomain.tld/yunohost/admin", 
        "mydomain.tld/yunohost/api", 
        "git.mydomain.tld/yunohost/admin", 
        "git.mydomain.tld/yunohost/api", 
        "toot.mydomain.tld/yunohost/admin", 
        "toot.mydomain.tld/yunohost/api", 
        "cloud.mydomain.tld/yunohost/admin", 
        "cloud.mydomain.tld/yunohost/api"
    ], 
    "unprotected_regex": [], 
    "unprotected_urls": [
        "git.mydomain.tld", 
        "mydomain.tld/home", 
        "toot.mydomain.tld", 
        "mydomain.tld/dav", 
        "cloud.mydomain.tld"
    ], 
    "users": {
        "user1": {
            "cloud.mydomain.tld": "Cloud", 
            "git.mydomain.tld": "Gitea", 
            "mydomain.tld/dav": "Radicale", 
            "mydomain.tld/home": "Homepage", 
            "toot.mydomain.tld": "Mastodon"
        }, 
        "user2": {
            "mydomain.tld/home": "Homepage"
        }
    }
}

I don’t really see what could be the problem. But I don’t understand how nginx and ssowat interact (or what happens when I hit Enter after having written the URL really!).
I think that I will try to install an app at the root of the domain and see what happens (it will, at least, show a nice page and not nginx greetings page).
However, the portal is still a 404 page, and that is more problematic (even though I can always log in to the different apps separately, it’s a bit less convenient).
Thank you so much for the help!
Best

Could it be that it works depending if you’re logged in / logged out ?

I’ll try to re-read ssowat’s code but don’t hesitate to bump if I forget…

1 Like

Hi @Aleks, thank you for the fast answer!
First, I moved my Grav homepage to the root of my domain, which in effect got rid of one of my issues, the nginx greeting page. However, mydomain.tld/yunohost/sso is then displayed as a 404 page from Grav.
Then, I’m not sure how to test if the page works depending on whether I’m logged in or not. Here is what I did:

  • Moved the homepage away from the domain’s root again.
  • Opened a private session on my browser
  • Tried to reach the page (mydomain.tld/yunohost/sso), got 404.
  • Logged in my Seafile account (this is when I’m not sure if it’s the right move)
  • Tried to load the sso page again, got 404.

Let me know if you think my protocol is wrong :slight_smile: thanks a lot!
Best

So just to be sure, this happens on your main domain right ? The same domain that shows up when you do grep portal_domain /etc/ssowat/conf.json ?

Yep that’s it. I declared a lot of other domains though but they all have an app installed at the root.

Hmpf I can’t reproduce the issue on my side yet but willing to get to the bottom of this …

  1. Could it be that you’re behind a reverse proxy ?
  2. Do you still reproduce the issue if you 'rm /etc/ssowat/conf.json.persistent' (or mv it elsewhere, doesn’t really matter) ?
  3. Does 'grep -nr "/usr/share/nginx" /etc/nginx' return anything ?
  4. Could it be that you tweaked your /etc/hosts or similar stuff ?
  5. Can you provide yunohost app map | grep domain.tld (with domain.tld being the main domain)
  6. … if no clue with the previous stuff, we’ll look in ssowat’s code…
1 Like

Hi @Aleks, thank you so much.
So:

  1. I haven’t set a reverse proxy up… so I don’t think I’m using one :sweat_smile:. My /etc/nginx/sites-enables/ is empty, which is as far as I understand where the reverse proxy would be configured.
  2. No, moving /etc/ssowat/conf.json.persistent did not change it (nginx greeting page for https://domain.tld and 404 on https://domain.tld/yunohost/sso).
  3. grep -nr "/usr/share/nginx" /etc/nginx returns nothing.
  4. I don’t remember having modified /etc/hosts. There’s one line I’m not sure would be in the original file: 127.0.1.1 raspberrypi. Maybe it was added by me? Sorry I can’t remember…
    As for the rest everything worked out of the box, so I didn’t tweak much (it’s a young server!).
  5. With my domain name, yunohost app map | grep moqueur.chat returns
cloud.moqueur.chat: Cloud
dav.moqueur.chat: Radicale
etienne.moqueur.chat: Etienne
git.moqueur.chat: Gitea
moqueur.chat/home: Homepage

It all seems pretty regular to me…

Wokay … For what I can see doing tests on my side, it looks like SSOwat is not even “applied” at all for the main domain (but it is for the other ones) …

Does 'yunohost tools regen-conf nginx --dry-run' return anything ?

What about 'grep -nr " server_name yourdomain.tld" /etc/nginx/'

(Edit: or even 'grep -nr " server_name " /etc/nginx/')

yunohost tools regen-conf nginx --dry-run returns the following lines

Attention : Le fichier de configuration '/etc/nginx/conf.d/moqueur.chat.conf' a été modifié manuellement et ne sera pas mis à jour
nginx: 
  applied: 
  pending: 
    /etc/nginx/conf.d/moqueur.chat.conf: 
      status: modified

I don’t remember having modified it though.
I had a look at the conf file and saw that the line access_by_lua_file /usr/share/ssowat/access.lua was commented in the https server block, I tried to uncomment it but nothing changed.

As for grep -nr " server_name " /etc/nginx/ it returns

/etc/nginx/conf.d/toot.moqueur.chat.conf:9:    server_name toot.moqueur.chat;
/etc/nginx/conf.d/toot.moqueur.chat.conf:30:    server_name toot.moqueur.chat;
/etc/nginx/conf.d/git.moqueur.chat.conf:9:    server_name git.moqueur.chat;
/etc/nginx/conf.d/git.moqueur.chat.conf:30:    server_name git.moqueur.chat;
/etc/nginx/conf.d/dav.moqueur.chat.conf:9:    server_name dav.moqueur.chat;
/etc/nginx/conf.d/dav.moqueur.chat.conf:30:    server_name dav.moqueur.chat;
/etc/nginx/conf.d/cloud.moqueur.chat.conf:9:    server_name cloud.moqueur.chat;
/etc/nginx/conf.d/cloud.moqueur.chat.conf:30:    server_name cloud.moqueur.chat;
/etc/nginx/conf.d/etienne.moqueur.chat.conf:9:    server_name etienne.moqueur.chat;
/etc/nginx/conf.d/etienne.moqueur.chat.conf:30:    server_name etienne.moqueur.chat;
/etc/nginx/conf.d/moqueur.chat.conf:9:    server_name moqueur.chat;
/etc/nginx/conf.d/moqueur.chat.conf:30:    server_name moqueur.chat;

Did you systemctl reload nginx ?

Anyway … I don’t know what or who the fuck did that but I’m thinking about sending a mail of insults …

Can you try to grep -nr access_by_lua /var/log/yunohost/categories/*

I forgot to reload nginx. That was it! Thank you so much for your help @Aleks!
So the problem was caused by a commented line (access_by_lua_file /usr/share/ssowat/access.lua) in /etc/nginx/conf.d/domain.tld.conf.

That’s good to know that it works, but I’d still like to understand better how this happens … So if you have some time to run that previous command I mentioned that’d be nice :wink:

grep -nr access_by_lua /var/log/yunohost/categories/*

Okay I’ve tried it with and without the commented access_by_lua_file line, but it returned nothing in both cases. I also tried grep -nr access_by_lua /var/log/yunohost/categories/operation/* since it is the only directory in my yunohost/categories, but nothing either…
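
The root cause found in this thread, a commented-out access_by_lua_file /usr/share/ssowat/access.lua line that left SSOwat unapplied on one domain, can be checked for across all vhost files at once. The script below is an added example, not part of the thread or of YunoHost's own tooling; the function names, the sample domains and the minimal server blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not YunoHost tooling): report, per nginx vhost file, whether
# the SSOwat hook discussed in this thread is live, commented out or absent.
HOOK='access_by_lua_file[[:space:]]+/usr/share/ssowat/access\.lua'

# Print one of: active | partial | commented | missing | unreadable
ssowat_hook_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # grep -c exits 1 on zero matches, so neutralise that for `set -e` callers
    live=$(grep -Ec "^[[:space:]]*${HOOK}" "$1" || true)
    dead=$(grep -Ec "^[[:space:]]*#+[[:space:]]*${HOOK}" "$1" || true)
    if [ "$live" -gt 0 ] && [ "$dead" -gt 0 ]; then echo partial
    elif [ "$live" -gt 0 ]; then echo active
    elif [ "$dead" -gt 0 ]; then echo commented
    else echo missing
    fi
}

# Print "<state><TAB><file>" for each *.conf in DIR; return 1 if any is not active.
audit_vhosts() {
    rc=0
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        state=$(ssowat_hook_state "$conf")
        printf '%s\t%s\n' "$state" "$conf"
        [ "$state" = active ] || rc=1
    done
    return "$rc"
}

# Constructed sample vhosts (hypothetical domains, minimal server blocks).
make_sample() {
    printf 'server {\n  listen 443 ssl;\n  server_name ok.tld;\n  %s;\n}\n' \
        "access_by_lua_file /usr/share/ssowat/access.lua" > "$1/ok.tld.conf"
    printf 'server {\n  listen 443 ssl;\n  server_name main.tld;\n  #%s;\n}\n' \
        "access_by_lua_file /usr/share/ssowat/access.lua" > "$1/main.tld.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_vhosts "$sample" || echo "hook not active everywhere: review the files above"
rm -rf "$sample"
```

On a YunoHost host the same check runs as audit_vhosts /etc/nginx/conf.d. A "partial" result means one server block in the file has the hook live while another has it commented out, and any fix only takes effect after systemctl reload nginx, as the thread found.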
